Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

spam-it-to-me-baby writes: "Telopolis writes The Dutch Government is considering a commission proposal to offer the country's citizens a 'digital safe-deposit' box for personal and financial data as a means of speeding up the government's administrative process. The article says the Dutch Government's current register of population "holds on every Dutch citizen about two hundred items of personal data, like name, date and place of birth, tax number, partners, children and other parts of the 'administrative course of life'." "The police, tax office, pension funds and other organisations which are allowed to access these personal data should get an interface for direct access to the digital safe-deposits. The commission thinks this will discourage fraudulent behaviour," it says."

Don't know about the other European countries but I know for a fact that in Holland the privacy laws are very very strict. Even so strict that most commercial companies call them 'absurd'. Which is fine by me, 'cause since I am not a large company, but just a citizen, I can appreciate this high level of privacy.

Yep, the government is even advertising for this: "The Netherlands go digital" (Nederland gaat digitaal). It seems to me that the Dutch government is profiling itself to be as renewing as possible, they try to be a trendsetter whenever possible: like in legalizing softdrugs, prostitution, euthanasia etc..

Some people here have been very pessimistic about the way this is going to be implemented. (Rightly so i might add!)
But there's an important note that they forgot to mention in this posting.
Access to these deposit boxes by citizens will only be allowed through terminals which are located at city halls.
With this restriction it becomes a whole lot easier to secure this kind of data. I mean there already is a network linking all city halls, which can only be used by government officials to enter data about people. I never heard of that network getting hacked.
The security of the data that is accessible by companies is a completely different story. I really don't think that that kind of data can be protected 100%, not if that kind of data is spread all over the place at dozens of different companies.
But then again, there's only data in there that you allowed to be public.

As I am dutch i can read the articles in the Volkskrant and the proposal as given by the commision. The lockbox can be left empty, so there is no more information in it than there is now in the Dutch citizen administration kept by the municipalities. Only if you want yourself, you can use the lockbox to view what information other agencies have on you , like the revenue service. You can not alter any information yourself. The use of this would be to check if information about you is correct. Also if you do not care about youre privacy, you could give other agencys acces to the information in the lockbox.

However at this time, it is already possible for the revenue service and the police to check all the facts in the citizens administration. The difference would be they could check instantly instead of having to wait for busines hours.

Fact no.1
All this data is there anyway, no additional information is gathered.

Fact no.2
Currently this data is spread over numerous agencies, stored on numerous servers, written on stacks of forms, civil servant's notebooks etc. Most security risks mentioned earlier on in the discussion exist now. I work as a consultant in government IT and the largest threat to the confidentiality of your data is the fact that it is so decentralised that it is impossible to check on what they have on you and equally impossible to check on whether the agencies are storing your data in an appropriate way.

Fact no.3
Privacy laws are quite good in The Netherlands, especially compared to most other countries. Ppl who have mentioned the possibility of selling information by the government have no clue of Dutch law and how our government operates.

My thoughts:
Thought 1
This will put information in a central place where the applying laws concerning privacy can be enforced in a practical way. (This also includes reviewing the security measures taken to protect the information). An agency that doesn't need your information doesn't get it. It is impossible to do this now. I think that, if implemented in a good way, this might actually help your information be safe and give you control over and an insight into what information is used.

Thought 2
Furthermore it might make it possible to make the data more reliable as people can check their own information.

Thought 3
It will make "fraudulent" behaviour much harder. A lot of people here seem to think this is a bad idea, but for every buck that is fraudulently not payed in taxes because of fraudulent behaviour, we, the nice and lawabiding citizens, have to pay a buck more.

My conclusion
I don't always like it when i have to submit information to my government, but if i have to, this might give me control and knowledge of what happens with my data, which is a good thing in my book. It seems to me that the only people who have something to lose by this are people who are doing something that is either illegal or bordering on illegal, and I don't think their rights are more important than my right to be able to control my own personal data.

First of all, the Netherlands are not
the US of A;) Things are (on a sociological level) quite different here!

But seriously, I think your comparison with WWII
goes somewhat lame, since it is quite a different
period in time, and quite a different level
of technological development with respect to
storage and protection of documents.

I personally think it is a very good idea to centralize information, especially if it is as
`sensitive' as this (with sensitive being very
relative, here). This is because decentralization
means more difficult (social) control over
the actual usage. Amd the best protection
of information is the socially
implemented protection; i.e. through laws and
regulations proposed and accepter
through a democratically controlled body.

But since the internet community may be anarchistic in its roots, they may find
this hard to swallow.

But just think about it: using only non-social (technological)
protection of information will ultimately develop
into an information monopoly for those who possess
the technology. And besides this, you implicitly put your trust into those who possess and control the technology -- which again can degenerate
into 1984-ish proportions. (Unless you ultimately
believe in the goodness of mankind, that is; to
which I only can say, clap in your hands like
a Zen buddist monk to remind yourself life is
much more complex than you ever imagined;)

Socially regulated protection can
balance this. On the one
hand you have the technological sophistication
to enforce and implement
control, but you are bound to socially
accepted parameters with respect to its usage
and thus (effectively) to its control.

Maybe this is all quite different in the
decentralized social contruct of the USA,
but on the mainland of Europe, this is
most definitely the best way to go

It's at:
http://www.minbzk.nl/pdf/ob/bpr/eindrapport_gba_in _de_toekomst_3-01.pdf
Regrettably it's only available in Dutch.
Having glanced over it I can't say privacy issues aren't addressed. Technical and security issues however aren't.
There is some way to go before this is implemented, and I frankly do not expect it ever will.
Allthough there are frightening consequences, I don't think we should be completely dismissive of governments investigating schemes towards controlling digital personal data.
There allready is a lot of personal data out there, and if governments don't control them, the business community might.
That's even more scary.

I am less concerned with the idea of centrally stored data than other readers, though I too remain cynical about those who plan to introduce it. To my mind, a more significant problem than some nefarious character easily discovering facts about me (which are already in public record) are the array of information collecting agencies, whose data is less easily available - even to those to whom it refers.

For example, credit reference agencies store highly personal details regarding use of, say credit cards, but without sufficient detail to give a complete picture of a customer, which can easily lead to discrimination against the unwary. For example, if you consider buying a car on credit, and agree to let several companies to make enquire, someone with an exemplary record can easily become a suspicious character as no record is made of their decision to decline an offer. There is a conflict of interest here, as the vendor would like customers it has chosen to accept to be considered bad risk elsewhere as this increases their chance of making a sale. A similar conflict arises with credit card companies. Capital-One has been in the news in the UK for delaying dispatch of statements, giving customers only a few hours to make payments on time. A late payment acts as a black mark against a customer on a central register, a number of which can prevent the customer switching to another lender. Hence, for both long and short term prosperity, credit card companies need to identify low risk customers, and to engineer a situation in which their customer makes late payments, as this involves large charges and also effectively ties in the customer for the foreseeable future. Amusingly, as assets are not part of a credit history, an individual's record can brazenly show multiple late payments on a £10,000 store card, yet fail to mention that this is in relation to a dispute over, say a £5.00 misapplied charge falsely giving them a balance, and woefully fails to mention a consistent large credit balance at the customer's bank. Furthermore, once the customer has been declined credit, this can be a further obstacle in the future - even should it be proven that the decision was unfounded.

I for one would welcome any transparent system - and would like to see a minimum requirement that agencies explicitly inform subjects when they store personal information; that the agency undertakes the burden of proof in cases of disputes, and that they are required to prove the accuracy of their information within a predetermined timescale. At present, in the UK (and I understand the USA too) the procedure is that individuals must contact the agency, paying a nominal charge, on any occasion they feel concerned, which is invariably too late. Naturally, the agency says it's only storing information provided to it by third parties, and if this information is wrong then the customer should take this matter up with the originator of the "information" who, naturally, insists that their version of events is accurate unless the customer can demonstrate that they adhered to reams of nebulous fine-print on every occasion in their distant history... nigh impossible!

If I could be guaranteed that my data is stored encrypted with my own public key, and delivered only encrypted with public keys which I personally trust (like my doctors key), then I might not have such a bit problem with this.

A requestor could prompt me for my private key to decrypt and deliver my data via sWAP, if they are in a big hurry. Otherwise, I'll approve your data request next time I login.

If I want to give, for example, my mortgage brokers access to my financial information, I tell them which sub-box they can find that in, and the key for the sub-box.

Better yet, I'll take the info I want them to see out of my box and encrypt it with my private key, then their public key. They are the only ones that can read it, and since my public key decrypts it, I was the one who sent it.

So what's better...having a secure central cache of personal information that *you* control...or having many many levels of duplication of paperwork of all your personal information scattered over various institutions in the hands of everyday paper pushers?

Save for th UK, which appears to be in the process of killing off any form of privacy, all European countries have similar or comparable data protection laws.

There are many fucked up laws in the UK at the mo (Regulation of Investigory Powers act, Criminal Justice act, etc.) and the whole CCTV big brother thing sucks. But data protection regulation is very good, and now applies to non digital data too. The data protection act is very useful for getting information out of people who collect data on you for a living [dpr.gov.uk] and also as a stick to wield against stupid people. Example: the finance department of my University put an Excel file contianing the home addresses of all students in a shared directory on the campus LAN. Once I notified the Uni data protection oficer it was removed in about 10 minutes!

There are rules about government departments not sharing data unless neccesary, but everyone knows that it still goes on. The way to combat this is to make it hard for them to share the data, e.g. NOT by putting it all in the same place.

One database that has all the information that government agencies need about a person: name, date of birth, current residence, SS#, contact info (address, phone, email), sex... in other words, all that stuff that you have to keep filling out on form after form after form. Other stuff could be in there too, like criminal record, licenses held, preferred bank accounts (for billing and receiving payments).

I realize that this sounds like a lot of important stuff, but it is the same stuff you give whenever you apply for a job, and a lot of it whenever you interact with a public service, bank, etc. As far as I know, nothing is preventing a potential employer from selling information that an applicant submits. Or if a database was cracked at, say, the IRS, law enforcement agency, courthouse, etc. they (the crackers) would get the same info.

Since all this data is at potential risk anyway, it wouldn't bother me if the government put in serious effort to setting up a "Fort Knox" of a database with permissions for each agency that needed the info. Police would have to supoena access to anything other than a police record or basic data (name, address). The IRS wouldn't get access to arrest records. To get the access to the records they needed, they would be forced to go through a "gatekeeper" with oversite from different branches of government to prevent abuses. Infractions by public agencies would be punishible to the specific person(s) that disobeyed the law by personal fine, jailtime or other appropriate punishment.

Each person could opt to let select companies access information in this databank such as banks, prospective employers, credit agencies, etc. All changes to data must be reported to the person via the contact info in the record. The entire record would be accessible by the person in some manner.

If identity theft occurs, it will eventually be caught and a flag can be put on the record that causes an extra-careful examination of identity whenever it is accessed. All transactions occuring would be logged and would be suspect up to the time of the identy theft.

This would let a person update their info in one place when they move, change banks, get married, or change anything else that normally requires notification to multiple organizations. It would also aid those who continue to fight identy theft for years after it is discovered. Government would be more efficient by reducing the need for extra paperwork. And YES, government should be more efficient, especially in anything that makes people wait.

The goverenment has information about us on paper and in serveral databases which is completely logical, because this is needed for making decesions and sending taxforms and things.

The real problem with the new plan is SECURITY. Many hackers around the world will focus on this huge database, which will be difficult to manage because of it's size and loads of different users. Not connecting it to the internet immediately seems to be a good plan.

From all the things you have to do here to keep 100% legal, registering with the Population Register is the last one. The way things are set-up around here, you first register with the "Foreign Police", then with the "Tax Office" and finally with the "Population Register" of your municipality.

If i'm not mistaken you can even register with the "Tax Office" without being registered with the "Foreign Police".

I'm living here for more than one year now and NEVER, EVER, EVER got asked to show any identification to anybody as being registered with the "Population Register". Also, only once did i got asked to show my "Vreemdelinger" card ("Foreigner" card, literally "Alien" card - issued by the Foreign Police), and that was to register in the "Population Register".

You can live without any problems around here without ever registering with the "Population Register". I've know a couple of people who did it. Personaly, when i moved house (to a new municipality), i was a couple of months without signing-up to the "Population Register" of my new area (there's always something more important to do).

However for things that you do at the City Hall (like applying for a Dutch Drivers License - so that you can buy a car here), then you have to be registered.

From my point of view as a foreigner (and EU citizen), and as far as i can tell, if you don't buy a house here (just rent) or (maybe) get married (no big deal because non-married couples are a very popular thing around here and have lots of rights), then you could live your whole live without ever registering with the "Population Register" (buy the car in your country of origin and just drive it here).

I really like this idea. Of course it is good to be careful about the privacy issues involved (and you can leave that to the dutch citizens, they are not only fiercely independant but also have a strong memory of how the germans in 1940/5 misused the available population data).

Two features I am specially looking forward to:

A log of every single access to my box (if the police wants secret access they should have special permission, like now for a phone tap.)

Even stronger privacy acts so that companies have to rely heavily on this database, instead of on there own secret internal databases.

If this is done right, it could be used to invade the 'privacy' of companies & state agencies instead of the privacy of citizens.

Yes, this is terrible, and yes, I know everyone here hates the idea, but face it - this is going to happen sooner or later, and there is nothing anyone can do about it. There are so many groups that want a nice, complete, up-to-date database of every citizen's information, that it will happen eventually no matter how loud you protest. Rather then sit around and complain, we need to develop a "prototype" system that's inherently secure, peer reviewed, etc, and make sure it is the system that is put in place, instead of a poorly designed, easily hacked/sysadmin bribed system designed by the government, some mega corporation (i.e. Microsoft), etc. In other words: computers make life easier... even for people we don't like. Some people don't value "privacy" - most of them "manage" large groups of people (and money). Let's give them what they want - our way.

I don't know what my credit rating is. If it's fucked up, I don't know how to dispute it. There is a "credit database" out there somewhere, but I don't know who runs it, or who has access to it. If there was a "public database" (*designed correctly*), I would be asked permission, via email or however, every time someone wanted to look at or change my information. I have to authorize every transaction. Of course, I'd have to say "yes" when asked "Will you grant [Internal Revenue Service] rights to [view, modify] the entries filed under [financial]?" because there would be a law requiring me to do so, but aside from transactions required by law, there'd be nothing keeping me from saying "no" when it's a modification I dispute, or a request from an organization I don't like, etc.

Of course this would require a person to micro-manage every bit of his/her public/personal information, but at least it would be possible, and setting up a system NOW that lets you do this sets a privacy-friendly precedent.

Civil liberties groups are outraged by the proposals. The digital safe-deposits will contain highly sensitive personal information and are vulnerable to hack attacks. It also centralises personal information, which creates the technical conditions for law enforcement authorities to get easy access to all the personal data of citizens. Furthermore there is the fear that for instance insurance companies will order access to the medical information before closing a deal.

That I suppose sums it all up.

What else can you expect from governments. They tend to get so excited with proposals put forward by some dimwit and ofcourse they always overestimate their own capacity when formulating State Policy. And now you know why they fail.

This is absolutely verboten in (to my knowledge) any western European country.

In Switzerland, for example, it is even illegal for cops to tap into the unemployments office database, since this is in no way related to their official tasks. They may tap into the DMV (equivalent) database, since this is significant for their work.

Save for th UK, which appears to be in the process of killing off any form of privacy, all European countries have similar or comparable data protection laws.

Well, there's a difference between being paranoid and realistic. We have privacy laws here, but law enforcement is a different story alltogether. This law provides in the right to have an insight in the data the government or a company have about you. If you want to use that right, and actually try to see the data, you're reminded of the hitchhikers guide to the galaxy: "Of course you can look in to the plans, they are in a locked cabinet in the unlit basement, behind a door which says 'beware of the tiger'". I actually tried to gather some information, and soon found out that it's easier to go through a brick wall by running very hard into it. So tell me again, am I paranoid of realistic?

In Australia we already have this database, and already all information is being data matched. It is being used by the Department of Social Security, and is used to prevent fraud of the social security / welfare / public payout / pension benefit (whatever you want to call it) This has been done since the 1970's when they started out on a mainframe and is still in use to this day.

The privacy groups got in there as soon as they started up, and they got a few wraps on the knuckles for what they did, but it is still being done. The privacy groups ensured that the Tax Department only had information to their own records, and that the Registrar of Births, Deaths and Marriages only had information to their information as well as every other source.

I actually think that if it has taken the Netherlands this long to get in on the act they are pretty slow to it all. I don't believe that my own personal information has been compromised in any way. I don't recieve any junk mail from it. The government isn't selling the information to them, if they did they would have more of a backlash on their hands that what they could ever believe.

It is only being used to catch crooks, and for that reason and that reason only I count it as a good thing.

Well, i know (im dutch) the information is not for rent by any marketing company.... its against the privacy laws. Administrations WILL fall if they allow that:) The privacy issue is quite a precarious one here in the Netherlands.

Before I start with my rant I would like to point something out: I am not dutch. I am a south american who moved to Holland a couple of years ago. With that said, my view of certain dutch habits is that of a foreigner who stares in utter surprise at certain issues.

When I first moved here I was shocked at the lack of privacy in dutch society. I am not talking about personal records, what I mean is their "open doors" policy. Houses here are built with HUGE windows which are ALWAYS open. Walk through any dutch neighbourhood and you will look inside these houses and you can see people doing their daily chores in the open. Walk around dinner time and you will see them sitting by their dinning tables eating their food. The windows are generally so big that you can even see what they are eating. Oh, and the windows have no bars and no protection whatsoever.

In addition, every house has a name tag at the door. If you were truly evil, you could write down a certain family's name, walk by that house a few times and survey how many people live there, their approximate age, their daily habits and any other minutiae you would like to gather. First steps for identity theft are so incredibly easy in Holland. It's people themselves who make it that way.

Dutch people are amazingly prone to fill in any survey in exchange of "Frequent Customer" points or miles or awards. Any avarage dutch citizen carries a minimun of three of these cards. They are not even aware of what type of privacy invasions they could be subject to.

An incident which I would consider a severe privacy violation occured to one of my spanish friends: she took out the trash a day earlier than she was supossed to (she just didn't realize it was Monday instead of Tuesday and off she went with her bag). Three days later she received a letter from the municipality stating that she had to pay x amount of money in fines for violating the city laws regarding trash collection.

Her first response was surprise. How did they know that it was HER trash bag and not someone else's? She took half a day off work and the next morning went to the municipality where they merrily explained her that the offending trash bags are opened and subject to inspection. They also showed her a letter sent by her family, in her name, which she had put in that trash bag. That's how they unmistakenly prove someone's ownership on the trash.

With all of the above said, the "safe box deposit" idea is possibly so natural for the dutch that they don't see a reason to be worried.

I guess the commission took a good look at Quidam Quidam, a television series that ran on VPRO in Holland for a while. The series showed a hacker (a good one) in a rotten society in wich such a file was stored for every citizen by a national database. The most scary part of this where the thousands of people analyzing the security cameras that where all over the country in order to keep the peronal files as complete as possible. The most important man of the country was of course the head of this "National Database". I thougt the series was meant to show a distopia (negative or unwanted image of a possible future society). Unfortunately some people seem to have a different interpretation.

Still I'm glad to live in Holland, for at least we first have a public discussion on these topics. Instead of the USA where the government checks all e-mail (including mine) and does not allow encryptings that they can't read. And we certainly have less security cameras at this moment.

The main thing that the elections showed was that our voting technology needs to be upgraded. We had an election that was literally too close to call considering the margins of error on our voting recorders.

... and use it in a way that makes it accessible to people who should not use it, this sounds like a good idea. I've never been fond of people having more information on me then they need to do their jobs, but if it's already there then making it non-public is ALWAYS a good thing.

"Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."

This sounds a lot like Microsoft's HailStorm idea. The problem though is that it will be hacked, and the only question is when. Heck, with all the "government officals" being able to access it, it's easy enough to do some social engineering to get all the info at once.
---
Fusion Industrieswww.FusionIndustries.com [fusionindustries.com]

Yes, this is very bad. Centralizing all of this information, and of course letting the government have a backdoor is anything but private. I really think that there should be a publicly run safe haven for data. Actually, I've heard of a few, but none come to mind right now. Heavy encryption, no back-door entry by the government, or anyone else. Completely private. Well, as private as data can be, anyway. There's always crackers. Anyone know of any such services? I'm drawing a complete blank.

They'll have a lot of information on the population. That really is a lot, you know. So they'll have to organize it be able to use it.
Just behave illogically and they'll have a lot of trouble putting a label on you. Sounds like fun to me! More rules to escape from. That's a national pasttime for us. This is a country where even all kinds of drugs are easily obtained. Rules mean nothing here, you have to duck them elegantly.

Hmm, I'm Dutch too but then there must be two different countries with the name....
You're very ill-informed about our privacy theory AND practice, your example is rediculous.
Any organisation (be it commercial or governement) in The Netherlands with a databank has to comply with the relevant and very strict privacy law. There are several examples of organisations proposing a database to the independent supervising authority and being told to change their set-up even befor starting!.

I'm dutch and i'll shock you even more:)
1. There are parts in Mexico where people don't even lock there doors, coz' there's nothing to steel! What I mean to say is: what's wrong with seeing people eat? Do you go to a restaurant with cubicles, so you dont see anyone else ??? Moreover, we dutch people do regard looking into the open windows as an invasion of privacy. (shocking, ey?) An average dutch person wouldn't dare to look inside... I now this is strange for foreingers, and in a way they have a point, but that's dutch society; live with it.
2. The "frequent customer" point is right, and the public is told about the potential problems several times whenever there is a new card out, so most people don't care. (I do though). And it is very simple to fake your identity with these things, just provide a fake, or slightly different name, and you always know where some firm got the info about you. (I knew someone who had a second credit-card with only the female version of his first name, claiming it to be his wife's credit card!)
3. The "trash-policy" is different per municipality, I have experience with 2 weeks delay between an offence (an old couch standing in front of my house) and a warning. But there are also cities where they don't collect your trash if it is in the wrong type(colour) of bag...
Personnally, I have my doubts about the "safe" because of safety, it is never impossible to crack a system, so decentralized information storage is the best.The prize we have to pay is that it is harder to get the info, even if you are a "good guy". That's a price i'm willing to pay.
PS. If anyone wants to now more about dutch people/society, read:"Xenofobians guide to the Dutch". I did, and it really teaches you a lot (even dutch people can learn from it).

I just love this tactic. Volunteer to let the government "safeguard" your sensitive personal data. Lets all rush to fill in the holes in the government's database to ensure that "authorized" government agents have easy access to the details of our private lives.

This is about as stupid as Microsoft thinking that millions of users will let MS "safeguard" thier files and financial information via web apps.

The thing that scares me is that the average Joe just might be that stupid.

Report to HPD & Mind Control for immediate reprogramming! And bring all your Teela-O-MLY pictures and Bouncy Bubble Beverage with you, you Commie Mutant Traitor Bastard!

(for those who don't get the joke, it's from Paranoia, an early 90's tabletop RPG. Very fun, but now out of print. You can get an idea of what it's like by running the paranoia program that's included on some linux distros in the BSD games package)

"Friend Citizen, why have you not taken advantage of Friend Computer's facility for storing your medical records? We realise it is totally optional, but your decision to do this has increased your treason by five points, initiating a tax audit."

There's optional and there's "Optional". You want to live in something other than a cardboard box? Better play nice or we'll think you're suspicious...

A lot of the security we currently enjoy (in my country) stems from the fact that there is no easy way to get a compiled list of my person details without someone expending a considerable amount of effort to collect medical records from my doctor and to visit my bank. This has real potential to be a honeypot for opportunistic snooping and later ammendment, "of course you employer's insurer should be allowed to see your medical records to stamp out insurance fraud..."

One thing I can say is, I'm glad we have groups in the US that counter these types of actions from seeing the light of day out here in the US.
As if in the US everything is about privacy. In general Europe has better privacy rules. The US government has even asked Europe to loosen these rules, because it made it problematic for US internet companies to work in Europe. (can't find the article:(, but see this/. art [slashdot.org]). Maybe you have groups that oppose such ideas, in Europe we have laws.
I agree with you that it is a bad idea to have 'easy acces' because of the possibility of ID theft, but I'm not making any illusions: what's proposed here to put in the safe deposit box is already in databases

The information in my digital safe deposit box is organized into a collection of sub-boxes. Each
sub-box contains related information (e.g., a financial information sub-box, a health information sub-box, etc.). Also, each sub-box is encrypted with a different key that I choose.

If I want to give, for example, my mortgage brokers access to my financial information, I tell them which sub-box they can find that in, and the key for the sub-box.

This obviously isn't the most convenient system from a key-management perspective. You also have to trust your mortgage brokers not to let your key out. But would it, otherwise, work?

Aside: it'd be nice to have a log of anyone who accessed that information, much like the credit bureau holds. Ever seen a print out of your credit history? Fascinating stuff, I tell you.

Well, we have the perfect solution (We=Belgium, just south of Holland) Over here you do not only have the right to vote but it is an obligation.
Every adult must vote, not showing up that sunday morning is punished pretty hard (jailtime).

Doing this "the people who keep track of the living and dead" are also those those that "register voters"... In fact those tasks have become synonims: the "population register (bevolkingsregister)" is often called the "voters register (kiesregister)". Apparently children are not considdered part of the population by some politicians:-)

A few years ago I found this obligation rediculous, but now, I'm convinced that it is the only way to have a real democracy. Once voting is optional, some groups of people might easily be intimidated not to vote. Remebering the protests of some "Black voters organisations" in the last US elections proves this point.

Back to topic:
The Belgian government is years behind on the field of automatisation. still evey person over the age of twelve receives an Identity Card. From the age of 16 one is obliged to have it with him/her when leaving the home.
Like any ID it contains personal data like full name, date and place of birth.
Along with that there is also the "Rijksregisternummer". The "Primary Key" to all your data in governments databases / paper files. Currently you have the right NOT to have that number printed on the ID card, but any police officer (or school headmaster for that matter) can find it using name, place and date of birth.
Still, all data is not centralised and that's good: I do not want the police officer that pulls me over for a broken headlight to know that I didn't pay my last telephone bill and divorcing my second wife (imaginary example;-)

Contrary to what the Dutch government is proposing, here there is a tendancy to _protect_ this fragmentation of personal data.
For medical databases there is allready a law to protect it from being sold or used by third parties. A negative result is that nobody can get its own medical file from his/her doctors:-)

Um, if I were you I'd worry about the much looser US privacy laws concerning commercial enterprises (DoubleClick anyone?). At least the government is supposed to work towards the benefit of all citizens...

Er, no you can't send your Tax form over the internet.
They say that in the ads, to make it sound easy.
The thing it really does is use a phone to connect to a certain number and then sends the data. That's why it won't work when you have ADSL, cable or something like that.

You may find it stupid or not, but putting out the garbage too early in the Netherlands is considered an 'environmental offence', I was fairly surprised too that they open the bags. I can really live with them opening my stinking garbagebags because I really would not like everyone to put out their trash whenever _They_ feel like it.. (*cough*)

And what the heck is wrong with openness. (I atleast expect support on Slashdot on this argument) Yes we do have nametags on every bloody door.. I think it is just sick that someone is even suspicious of the threat of 'stealing an identity'.

No, I do not mind my neighbours or for that matter you to be able to see me eating spaghetti every day because I like spaghetti (Hypothetically)

I consider Open(TM) windows, Large windows a lot better than windows-with-bars with gunowners behind them which are so scared or others that they'll shoot you as soon as you set one foot on their property. (And happily call that a right!)

I think I live in a, from a certain perspective, naive society.. But I am happy to be naive than!

Well, paper archives can be "hacked" also.... its just how good the security is. I don't see the difference. Also while most of the information is on the 'net already (by the various governemental institutions, using it for there remote offices)... only the archives are not yet all linked together and everyone uses other security systems.

I've got to point out that Scandinavia is very much like this, and it's nice in a way, to be able to live in a country where crime is so low that people are not really aware of it, especially in the UK, where you have to think about where you park your car or where you walk, and you can't leave your windows of your house open when you're not there.

We Dutch tend to view our government in a totally different way than e.g. Americans. If we are to believe the movies and the internet, the average American Joe's view of his government is a strange mixture of pride and suspicion: pride of the government's ability to take on any country on earth and suspicion of the goverment's intentions towards it's own people. (The embodiment of this last sentiment, if we are to believe Hollywood on this one, is the FBI. Are there any movies at all where the Feds are the good guys?)

The Dutch tend to think about their government in another way: a bunch of rather likeable, idealistic people. (You have to be idealistic in The Netherlands to go into politics, for there is little money to be made and little personal prestige to be gained.) The same goes for the police. A gullible breed that won't come after you unless you do something very nasty. We like it that way, and that may be the reason why the ''digital safe deposit'' subject is not that big an issue around here.

We put a lot of trust in our government. Perhaps to much. But consider this: whereas in America appr. fifty per cent of the people has every reason to feel misrepresented by their government, the Dutch tend to think that their government is a reasonable reflection of the people, because the representatives are chosen from a wide range of parties and by popular vote. A powershift as tremendous as the one we have witnessed in the US last elections is unthinkable here. That makes it easier to put your trust in the government.

Ok... THIS one gives me a clear example of how much the US(i guess, correct me if im wrong) citizens trust their government:)
Well this MAY sound shocky to you guys but....
in the Netherlands "we" (and also i) still have quite some trust in the government and the governmental system, alltho i have lost trust in the american one. (if you want motivations im glad to give them, beginning with DMCA)
Someone must be quite insane to vote for Bush.... it seems a little less then half the population of the united states of amarica is insane. (dont take it personally)...... but when you wanna judge the Dutch political system look at the DUTCH and don't reflect your "personal" governmental sorrows on a foreign issues!!!!!!!!!

These Dutch databanks are going to become the secret Swiss bank accounts of the twenty-first century. Now if only we can stop the terrorists who kidnap the Prime Minister of England in return for their old school permanent records...

This is from a thread/article started later. But I thought it relavant to quote it here.

The current edition of the European "Netzkultur" magazine, Telepolis features an article discussing the vulnerability of the the Dutch Internet infrastructure to a single, well-placed attack, according to a recent report issued by the Dutch Ministry of Traffic and Waterways:

One well-placed bomb could wreck the entire Dutch Internet, the report states.The physical protection of (fiber optic) cables at critical network and ISP junctions is almost none, TNO claims. It is very easy to find out where exactly the cables are located and they can easily be approached. 'For now the chances of a deliberate disruption of the cable network by activists or terrorists are low. But as the importance of the Internet is growing, we fear that criminals, activists or terrorist will see the cable infrastructure or other critical infrastructure as targets in the near future.'

It scares me that this information will be online, however isn't this similar to Credit Ratings Agencies? I don't know if it is the same in other countries, but in the UK, you can't get bank accounts, credit cards, mortgages, store cards etc. without the company involved scanning one of two credit ratings agencies (Equifax & Experion).
When they get some of your information wrong (which they usually do) you start getting refused financial products. Every couple of years I have payed to get my record (applications only by snail mail) from them so that I can request that they correct it.
Recently one of them got my wife's first and middle names the wrong way round on her electoral roll entry, meaning that as far as they were concerned, she didn't live there. Scariest of all, it gave us information about current residents at properties that we havn't lived at for many years including financial information.

First we deposit all our information into the box, next the government decides that the disposal becomes a mandatory business. Lastly, the government decides that in certain cases, the police may look at another's information in certain cases - probably to fight kiddy porn, perhaps people speeding with their car

If shit like this becomes widespread, crackers will be regarded as freedom fighters in the future. Maybe they already are today. By making data unsafe, they limit its usefulness, and therefore also the damage that fuckhead governements/corporations can inflict with it.

From the perspective of efficiency it may be a good idea, but from the
perspective of theft, misuse and privacy it's perhaps one of the most stupid
ideas I've ever heard of. It's funny though that after fifty years the Dutch are
planning to centralize their data again (not storing data in one central
location is a leftover from WW II. The Germans could lay their hands on all
public records in an matter of hours or days, and the Dutch government vowed to
not let that happen ever again)

Anyhow, if the public can have a say in this, they are not going to have my
vote!

Yes this might be one of the BRILLIANT ideas of my government (Yes, I'm Dutch). The govenment LOVES electronic...er...thingys. Since a few years you can submit your tax form electronically, you guessed it, by the internet.

The idea for the 'peronal database' itself is not surprising, they have been trying for years 'dicourage' fraudulence by connecting databases of the Taxes, Socail security and others using the so-called SOFI number (The Social-Fiscal Number) (Yes we Dutchmen give eachother numbers!:) ) . The are trying to add-in more databases every day.

To prevent misuse of this combined database, the government in all it's whisdom instituted law ('De Wet Bescherming Persoonsgegevens') and an independant organization to execute this law. Yeh, right.

I don't think this project is even going to be implemented. Because it's too expensive or they find out they don't really need it. And when they do implement it they probably get some very cheap (read:bad) IT people on the case and I'll be such a mess that nobody uses it.

If you would PLEASE start giving information about how to secure this information instead of keep WHINING about how bad this could be, we might get somewhere. Alltho im anti- easytohackdigisave im all pro- dificulttohackand withlotofoptiosforusersdigisave:) so...... how can we make a fine and user friendly system, easy to access for persons to check their online data, easy to use for the government so it can save tax-payers money and use it to improve third world countries or spend it to environmental projects, and dificult for outsiders to hack????
Comments please

Yup:) i guess so... Wim Kok knows everything about computers like G. Bush Jr. knows everything about foreign policy and environmental problems.
But, well, they have their advisors anyhow........ tho Kok is a socialist and has his advisors from the "people" while Bush is a republican and gets his advisors from the "Industries".
I know i NEVER ever ever ever want to move to the U.S. (im biased, im Dutch, and im proud of it.)

There are much less intrusive ways to prevent vote fraud than universal databases, or even, as in some replies to this message, requiring the adult population to show up at polling places.

Simply requiring adequate and difficult-to-forge identification at polling places (some might be shocked to find this is not required in the U.S.) would raise the cost of vote fraud to the point where it would fall to statistically insignificant levels. This, combined with cleansing the voter roles of felons and the dead, the latter of which would object less to having data about their status cross-referenced against registration lists, would restore a system that, in the U.S., is teetering on the edge of losing credibility.

If I recall the dutch have already used this data, all be it for a noble purpose (medical research). They have used the data in epidemiology. Its not hard to imagine them selling this data. It would all be anonymous, but there are already examples of data mining census data etc.; we have discussed that here before.

I find this to be a bit disturbing idea, and I'm glad I'm not dutch. Personal information should be kept personal, and not not stored online by any means, especially not this amount of information. With the increasing amount of security incidents its a miracle this thing wasn't laughed at from the beginning.

Whats more disturbing is the fct that companies will lie in efforts not to disclose these breaches as some UK banks [guardianunlimited.co.uk] have done, which is an utter disservice to their clients. When will people get their heads right?

But the Commission also proposes that Dutch citizens get the possibility to store other information in their digital safe-deposit, like
medical and financial information. Citizens can decide to whom they will give access to these types of information. The digital safe-deposit
should be located at the web sites of the municipialities. For the protection of the safe-deposits the commission suggests to give each
Dutch citizen an electronic identity card with biometrics information. Citizens who are not on-line should get access to their digital safe-deposit through public terminals at the municipal hall.

As if Biometrics is the answer to all problems. "some biometrics are easy to steal. Imagine a remote system that uses face recognition as a biometric. "In order to gain authorization, take a Polaroid picture of yourself and mail it in.We'll
compare the picture with the one we have in file." What are the attacks here?" (taken from a Bruce Schneier [counterpane.com] article)

The Commission thinks that the introduction of the system will give a boost to the digitalisation of Dutch society. New developments like electronic commerce and payment systems for driving have a clear need for the availability of reliable personal data that easily can be transferred and checked.

Personally I see a huge influx of identify thefts occuring there if they do go ahead with this system. Its bad enough its extremely easy to get information on anyone as it stands, and now you have the Dutch become more receptive to irresponsibly giving it away for free, to those who can manipulate their (often easily accessible)
networks.

One thing I can say is, I'm glad we have groups in the US that counter these types of actions from seeing the light of day out here in the US. Your privacy should be guarded with your life, since it ultimately is your life. Not some stored bit of information legislators wanna use for political agendas such as pushing for an ecommerce or "digitalization" boost to their economies.

Still, we all have some nice "primary key" attached to us, like the social security number...

Don't forget your phone number -- its among the top tools for tracking individuals across databases. If you can manage it, try to give a shared office number for people you fear might be tracking you...

This will allow different branches of government to interface MUCH more efficiently and cut down on the number of errors greatly. Or at least it should.

I'm from Louisiana, USA, and every election they have a large amount of the dead population vote. You know, fraud. The problem is that the people who register voters and the people who keep track of who's dead can't interface anywhere near as quickly as they should.

Having the different branches of government being able to share the same data, making sure everyone's on the same page, is a huge jump in efficiency. It needs to come, and this is a plan that would serve to jump start the process that would otherwise be completely wrapped up in red tape from now till kingdom come.